RE: Agenda for 2012-02-01 call (V02: added more incoming issues with text) from Shane Wiley on 2012-01-31 (public-tracking@w3.org from January 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Tue, 31 Jan 2012 07:22:44 -0800
To: David Singer <singer@apple.com>, Matthias Schunter <mts@zurich.ibm.com>
CC: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D0C425889@SP2-EX07VS02.ds.corp.yahoo.com>

To add more to the SHOULD side of the discussion:

By allowing a SHOULD on response headers will allow companies across the globe, large and small, as well as trade organizations, to immediately embrace the DNT standard, move forward with implementations, and include DNT in Codes of Conduct.

If we move forward with a MUST on response headers, it may prove to be a motivator for implementation but will likely take months and years for full compliance.  Large companies will move forward with implementation of response headers regardless of the SHOULD/MUST outcome, but I fear that regulators and some advocates will deem this working group's efforts a failure if industry-wide support of DNT drags on for an extended period of time.  There are natural incentives to support response headers (as the draft text points out) so I would suggest we allow these market forces to drive the appropriate outcome.

- Shane

From: David Singer [mailto:singer@apple.com]
Sent: Tuesday, January 31, 2012 7:43 AM
To: Matthias Schunter
Cc: Tracking Protection Working Group WG
Subject: Re: Agenda for 2012-02-01 call (V02: added more incoming issues with text)


On Jan 31, 2012, at 13:12 , Matthias Schunter wrote:



7. Collect arguments "SHOULD" vs. "MUST" for response headers
    https://www.w3.org/2011/tracking-protection/track/issues/120


Since I can't be on the call...

Background: We have a service that claims compliance to the protocol, responding to a DNT request.

If the response header is only a SHOULD, then we need to define a default.  We could say "for cacheable objects, the default value is "not trackable"; for all others it is "I may be tracking you (claiming all possible exceptions)".  The UA will have to work out whether the service is 1st or 3rd party, to work out which set of exceptions are possibly claimed.  In addition, it's possible that the entity determining the default is not able to see the cache headers (there were discarded by the HTTP end-point) and that it therefore erroneously concludes that untrackable resources are potentially being tracked.

The advantage of a SHOULD is that the service only needs to add the header in the systems that handle tracking; ordinary (cacheable) resource delivery would not need any engineering changes, to remain in compliance (even if that's dangerous).

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 31 January 2012 15:23:30 UTC